Rights management services provide software that protects ownership/copyright of electronic content by restricting what actions an authorized recipient may take in regard to that content. The term content refers to information and data stored in digital format including: pictures, movies, videos, music, programs, multi-media, games, documents, etc. A few of the primary functions of rights management services are to control licensing authorization so that content is unlocked only by authorized intermediate or end-users that have secured a license, and to control content usage according to the conditions of purchase or license or otherwise imposed by the author (e.g., permitted number of copies, number of plays, the time interval or term the license may be valid, or actions that may be performed on the content, such as further distribution, opening or accessing, printing, and the like). Another function of rights management services may be to identify the origin of unauthorized copies of content to further combat piracy.
Originally, the idea of rights management was used to protect against the on-line piracy of commercially marketed material such as digital periodicals, books, photographs, educational material, video, music, etc. The use of rights management, however, has become increasingly popular in the business setting to protect proprietary or confidential information within a business network. For example, a CEO of a large corporation may wish to distribute an e-mail that includes trade secrets. Because of the confidential nature of this information, however, the CEO may wish to limit the actions recipients may take in regard to this content. For example, the CEO may wish to allow upper-level management to read, copy, print, and save the confidential information; however, she may wish to limit other employees to read-only access or to no access at all. Accordingly, through the use of rights management services the CEO can specify who is authorized to view the protected content and what actions they may take in regards thereto.
The above illustrates just one of many examples of the importance of controlling content in a business network environment. Although rights management is becoming a popular tool in a business environment, there currently exist several drawbacks and deficiencies in the system. For example, typically the onus of protecting a piece of e-mail using rights management policies rests entirely upon the sender. That is, if the sender wants to protect an e-mail (e.g., make it confidential by restricting forwarding/saving/printing/copying of the e-mail message or set a condition upon which the message will expire), he must select the recipients and then manually apply an appropriate rights management protection to the e-mail. In some cases the protection is associated with a template (default or administrator created), in other cases the sender protects the e-mail according to specific criteria. Unfortunately, experience has shown that the more hoops a user must jump through to comply with a security policy, the less likely it is that the user will comply. Accordingly, the sender's employer may desire the ability to dynamically apply rights management to the e-mail message once the sender has created and initiated sending of the e-mail message.
Another drawback of the current rights management services occurs when a sender has set a date for when the content will expire. The behavior of content expiration is such that, when a recipient attempts to open a document (or e-mail) that has expired, the document is empty. Under the covers the content is still there, however it is being programmatically removed at runtime. Given enough time, a skilled hacker could crack an expired rights management-protected file if he has access to it. Furthermore there may be additional drawbacks to having the underlying content persisted beyond the desired expiration. For example, a corporation may have mail retention policies that apply to specific types of information (e.g., a law firm may require that all mail about a specific case is to be purged after 2 years). Additionally, with the continuing proliferation of e-mail coupled with rich (and large) content, users are sending more and larger e-mail than ever before. This situation results in storage bloat on the e-mail server and forces e-mail administrators to allocate more and more disk space for their users. Accordingly, there exists a need for a method to assure that any expired rights management-protected e-mail or attachment to an e-mail is deleted as it passes through a message transfer agent such as an e-mail server.